
Well it’s certainly one way to get yourself a Model 3: hackers have successfully exploited a security hole in Tesla’s in-car browser at the Pwn2Own hacking contest, earning themselves one of the electric cars as a prize.

TechCrunch reports that Richard Zhu and Amat Cama – aka team Fluoroacetate – were able to bypass various security measures to get a message displayed on the browser.

Tesla has said it will issue a fix for the bug to prevent it being exploited in the future. Meanwhile, the Fluoroacetate team walked away from Pwn2Own with some $375,000 (about £283,700 or AU$529,100) in prize money, as well as their new car.

“We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today,” said Tesla in a statement.

Browser changes

It’s worth pointing out that the bug that Zhu and Cama exploited was limited to the browser – they weren’t able to take control of the car or anything like that.

At the same hacking conference, hundreds of thousands of dollars were paid out for bugs discovered in Apple Safari, Microsoft Edge, Microsoft Windows, VMware Workstation and Mozilla Firefox.

In other Tesla browser-related news, CEO Elon Musk announced on Twitter that the in-car software would soon be making the switch to Chromium – the same open source code that Google Chrome is built on.

Whether or not that makes the browser more secure remains to be seen, but as always, don’t try browsing the web and driving a car at the same time.

Coffee shop chain Dunkin’ Donuts has announced that it has become the victim of a second cyber attack within three months. It was announced yesterday by the chain that a second credential stuffing attack occurred on January 10.

Second Attack

As mentioned in a previous article, Dunkin’ Donuts suffered a similar attack on October 31, 2018. This attack was disclosed to the public in November, and the attackers were found to have stolen customers’ usernames and passwords.

Just like the first attack, hackers were able to gain entry to the DD Perks rewards accounts with credentials leaked from other sites. The data typically stored on these accounts includes names, email addresses, and 16-digit DD Perks account numbers.

It seems the hackers weren’t after the account data, but the accounts themselves. These accounts are thought to be sold on Dark Web forums.

Growing Trend

According to several ISP security engineers, this practice of selling accounts is becoming a growing trend. They said that hacking groups are renting IoT botnets and running scripts to carry out credential stuffing attacks against a number of online services.

One script that is used in credential stuffing attacks is called SNIPR and is thought to be one of the ones being sold online for Dunkin’ Donuts attacks.

Once the hackers have broken into these accounts, they sell them to other people who then use the reward points for free food/drink and unearned discounts.

Working to Combat Attacks

In a statement, Dunkin’ Donuts said:

“Dunkin’ continues to work aggressively in combatting credential stuffing attacks, which have become increasingly prevalent across the retail industry given the massive volume of stolen credentials now widely available online.”

They also went on to say:

“Dunkin’s internal systems did not experience a data security breach, however, when we are made aware by our security vendors that third-parties may have obtained our customers’ usernames and passwords through other companies’ or organizations’ security breaches and potentially accessed their accounts, we immediately take action to protect the consumer by resetting their password and changing any Dunkin’ cards they may have.”

Hungary’s Prosecution Service has accused an ethical hacker and computer specialist of infiltrating the Magyar Telekom database. The office found him involved in a crime that disrupted the operations of a “public utility”, thereby attempting to endanger society.

Reportedly, the hacker identified serious vulnerabilities in Magyar Telekom and reported them to the company. He was arrested for that and is now facing a sentence of several years in prison.

The Hungarian Civil Liberties Union (HCLU), a human rights NGO, is defending the hacker and claims that the indictment file isn’t complete. On the other hand, the statement from the NGO was rejected by the Jász-Nagykun-Szolnok County Prosecutor’s Office.

Magyar Telekom is a prominent telecommunications company in Hungary. The company filed a complaint against the hacker, who had reported a vulnerability in the company’s systems to it in April 2018. When he was called in for a meeting, the hacker proposed cooperating with the company in dealing with the situation, but this collaboration never materialized.

The hacker continued to investigate the company’s networks. Later in May, the hacker identified another vulnerability, which he explained can be used to access the public and retail mobile and data traffic if exploited and can also help in monitoring T-Systems’ servers.

That day, Magyar Telekom filed a complaint about an unknown attacker probing their system, which eventually led to his arrest. The trial commenced this week and the Prosecutor’s Office is seeking a prison sentence. The HCLU, however, alleges that the indictment files aren’t complete because they lack the time and place of the event, and that it isn’t clear what actually happened and what the accused did to the systems of the company.

Another strange fact is that the Prosecutor’s Office has offered the accused a rather unexpected and unusual plea bargain, according to which if he pleads guilty the court will suspend his sentence for two years and if he doesn’t then he might be facing five years in prison.

The accused refused to plead guilty and rejected the plea bargain offer, after which the Prosecutor’s Office changed the details of his crime in the indictment to that of causing disruption to a public utility’s operations with his actions. He is now facing up to eight years in prison.

“The hacker, beyond the limits of ethical hacking, launched new attacks after the first attack, and began to crack additional systems with the data he had acquired so far,” the company told Napi.hu.

The HCLU maintains that ethical hackers cannot be held responsible for identifying vulnerabilities because they are working for the welfare of society. However, the Prosecutor’s Office claims that the accused crossed the line and his actions threatened society, so he should face the consequences under criminal law.

As per the report from Heise.de, a German-language website, the first collection, which was published on January 17 and dubbed Collections #1, had approx. 770 million or 772,904,991 unique email IDs of people. It also had 22 million usernames and passwords spread across 2,692,818,238 spreadsheet rows contained in 12,000 files.

The second collection of data is named Collections #2-5 and has been posted on Interweb. It contains 2.2 billion usernames and passwords and includes roughly 845GB of stolen data. The data includes 25 billion records, but according to researchers most of the leaked accounts are duplicated and might have been collected from previous data dumps. However, even if the duplicate accounts are left out, the size of the new data dump is much larger (at least three times as large) than Collections #1.

According to a report from Wired, a researcher associated with the Hasso Plattner Institute noted that despite having duplicate content, the new data leak is probably larger than any published in the past because it still contains unique, new credentials in the majority.

Who posted the data? This question is still a mystery but researchers believe that the hackers might have collected the data from many low-key websites. Nonetheless, the appearance of old credentials once again in a massive, fresh data dump does make the targeted users around the world vulnerable because most people use the same credentials to access their accounts on different services.

Interestingly, instead of selling the data on underground forums like the dark web, the hackers behind the Collections data leak are offering such a massive number of unique credentials and email IDs online for free. The databases can be accessed easily as a Mega upload link as well as on different hacking forums.

In a conversation with Wired, Chris Rouland, founder of Phosphorus.io security firm, said that while he was downloading the data he observed that the same data had been downloaded over 1,000 times already. Moreover, Rouland noticed that over 130 people were involved in making the database available online. Since there are multiple copies of the data online, it will be much more difficult to remove it from the internet for good.

If you want to check whether your account details are part of the new data dump called Collections #2-5, you need to use the tool available at Hasso Plattner Institute’s website and enter your email ID. If the tool identifies your ID to be part of the new data collection, it will notify you via email. You can also use Identity Leak Checker, developed by Hasso Plattner Institute, to check whether your email and passwords were part of a recent data breach.

You might’ve already put together your top nine posts on Instagram for 2018, but there’s also a way you can see which colors dominated your posts this year. Year of Color is a web app which builds a visualization of your posts, arranged in a cluster of cute, different sized bubbles.

Each circle’s size is representative of the frequency of that color, plus how well-liked it was by your followers. As seen from my own profile, blues and browns seem to represent quite a number of my photos last year.

Launched last year by couple Stef Lewandowski and Emily Quinton, the tool requires you to sign in with your Instagram account. Only public accounts work, and you can request a report for the last year or a particular set of dates. Once your report is built, you can emphasize saturated or brighter colors, order colors by time or popularity, or play through these different modes.

A slider allows you to play with sorting the brightness or popularity of certain colors, and you can also share your visualization to Instagram or get a printable version too if that’s your jam. It’s just another way to catch a glimpse of your Instagram game if scrolling through your profile doesn’t quite cut it.

2018 was a year of massive mergers and acquisitions, with AT&T/Time Warner, Disney/Fox and Comcast/Sky. The #MeToo movement made headlines, and the dominant emotion in boardroom discussions around Hollywood and beyond was fear … lots of fear in the ranks of our tech-infused world of media and entertainment (as well as in the world itself).

So what does the crystal ball predict for 2019?

Here are some of the narratives that will shape the world of entertainment next year and set the stage for the roaring 20s of the media industry.

PREDICTION #1 – Blood continues to spill in the relentless battle amongst premium OTT video giants, as Apple and Disney join the subscription video fray and add to the epic collective assault on Netflix. In the midst of it all, smaller “niche” players either find their singular voices that attract “fandom” and broader monetization, or risk being marginalized and swallowed up by their strategic investors (for a fraction of what they would have commanded a couple years back).

Originals continue to be the primary weapon used in the premium subscription streaming video battlefront, extending media’s new “Golden Age” for creators and further skyrocketing content-related development and production costs (including the price tags for A-list marquee talent). Fierce premium OTT video competitors increasingly use content both offensively and defensively, like Disney withholding its crown jewels from Netflix (Star Wars, Pixar, Marvel, Princesses, X-Men, Avatar). Netflix feels the heat, as will its investors, as the collective crew of “Netflix-Killers” put increasing pressure on its pure-play business model.

Meanwhile, the newly expanded list of virtual MVPDs (multichannel video program distributors) fix their initial flaws, offer consumers real competitive choice, and hasten consumer cord-cutting even further. Whereas we started 2016 with 2-3 real, viable mainstream choices in the U.S. for live television, as of 2019, consumers now can access nearly 10 (cable, satellite, Hulu Live, YouTube TV, DirecTV Now, Sling TV, PlayStation Vue, fuboTV, etc.). And, even in these nationalistic times, let’s not forget about massive international players like Tencent, Alibaba or Baidu’s iQIYI, which went public in the U.S. markets this past year.

Amidst this battle of video giants, several smaller so-called “niche” or segment-focused video players either expeditiously find their uniquely compelling voice and build a fandom-fueled multi-pronged monetizing brand around it, or simply get lost in the noise.


PREDICTION #2 – Media-Tech driven M&A continues to rule the day in all segments. On the video side, both traditional media companies and undercapitalized and underperforming privately-held new media companies languish in this beyond-crowded OTT video space and become logical M&A targets.

And don’t just look within U.S. borders. No virtual wall exists in our borderless new media world, which means that M&A’s pace will accelerate internationally as well. Remember, the Comcast/Sky deal represents a U.S. behemoth’s ambitions to significantly expand its footprint into multiple European territories. Lots of mega-companies around the globe desperately hope to expand their footprints to places where, up to now, they have never been.

To be clear, not all M&A will flow from weakness. Sometimes the numbers offered simply will be too high to reject. But make no mistake. Weakness will abound amidst hyper-competition, and winners will swallow up losers in an environment of accelerating M&A. Many of the so-called niche-focused OTT video services still primarily rely upon ad dollars (especially the younger ones), but remember, Google and Facebook already own about 2/3 of that global digital advertising market. That means that most pure-play OTT video players simply cannot succeed on ad dollars alone. And, for most, other means of monetization will be beyond their reach, as they fail to deliver a sufficiently compelling, differentiated and emotionally connected media experience. So, much like Uproxx did this past year when Warner Music Group acquired it (likely for a song), expect several of the new media players to lose their Indie status.

PREDICTION #3 – The music industry’s streaming-driven turnaround continues and streaming revenues accelerate, but pure-play music services led by Spotify continue to hemorrhage money as losses mount. Meanwhile, the giant “big box” retailers of the day — Apple, Amazon and YouTube (particularly YouTube) — brazenly march on, indifferent to that suffering with their fundamentally different underlying marketing-driven business models.

Yes, Spotify boasts massive scale. Yet, scale alone does not financial success make. In fact, pure-play growth success leads to higher and higher losses due to sobering industry economics these pure-plays can’t stomach, but the behemoths can due to their multi-pronged business models. These harsh realities mean that investors of many pure-play streaming music services will take a hard look at themselves in 2019 as they contemplate their next strategic steps. Many will realize that they can’t go it alone. And that leads to more M&A, much like we saw this past year with SiriusXM buying Pandora and LiveXLive buying Slacker. Spotify is not immune here. Unless it successfully expands its business model and drives major new revenue streams, it too could be bought. Facebook anyone?

PREDICTION #4 – Tech-driven media companies thrive and increasingly dominate the entertainment world by using data to their advantage. They use AI, voice and machine learning to dominate further and even more broadly infiltrate our lives and impact our media and entertainment experiences.

Netflix, Amazon and Facebook increasingly mine their deep data about all of our hopes and dreams to maximize “hits” and minimize “misses” as compared to traditional media companies. In many respects, the studios simply can’t compete. Faced with that reality, the quest for data — and the services that provide analysis and inform – takes on new urgency. Further, the Hollywood establishment and creative community still have yet to understand – at least in large numbers — the power of new cost-effective tech-driven ways to test and measure new characters, stories and engagement in order to more smartly and efficiently place their big expensive bets.

Meanwhile, the new tech-driven media giants hope to increase their overall Media 2.0 dominance through the soothing voices of Alexa and Siri (sorry Google, yours is a little less so) and the overall AI/machine learning revolution. “Virtual assistants,” “smart speakers” (or whatever you want to call them) increasingly dominate our home conversations, improve significantly over time, and serve up our favorite content via “intelligent” recommendations (as well as increasingly targeted and smarter incentives, promotions, ads and goods). 71% of us already use voice assistants at least once per day (most frequently for selecting the music we like to hear), so voice most definitely is here to stay.

More exotically, and perhaps somewhat alarmingly, AI also increasingly drives so-called “intelligent” creation. AI already develops movie trailers that some believe approach the impact of their human-generated counterparts. You be the judge — check out the first AI-produced movie trailer, care of IBM’s Watson, for the fittingly AI-themed 2016 motion picture thriller Morgan. And, just imagine how much AI has advanced in just these past two years since then. Can AI screenwriters be far behind? Gong Yu, founder and CEO of China’s leading streaming platform iQIYI certainly doesn’t think so. In his words, AI “will reshape the entertainment industry over the next 10-15 years, much more so than the Internet did over the past three decades.” Just chew on that for a bit.

So, AI may become a real threat even to creative pursuits that, up to this point, most in Hollywood believe are untouchable by computers, bots, and robots. Tesla maven and global futurist Elon Musk is downright dystopian and takes things even further, warning that AI may be an ultimate global threat to us all. Musk tweeted in 2017 that “competition for AI superiority at a national level most likely cause of WW3.” Those were his precise words, so that was either Musk’s particular form of Twitter-speak, or his mind had become a bit hazy during one of his notorious cannabis-fueled interviews!


PREDICTION #5 – Behemoths Apple, Google and Facebook, together with other tech-driven media giants and deep-pocketed financiers from around the world, increase their already-massive investments in immersive technologies and accelerate mainstream adoption of AR.

AR’s gold rush means continued growth in the related wearables market and consumer adoption of AR-driven eyewear. Investors of all stripes also continue to throw boatloads of cash into the overall immersive space to fuel the development of experiences (including real-world live entertainment and storytelling, not only games) to feed these new platforms. Expect significant investment in content. The immersive market opportunity is still so nascent, yet its ultimate promise is so great, that the money working to capture it in 2019 and beyond will seem endless. And, when so much money chases a market, that market becomes our consumer reality.

The onset of 5G wireless networks will only hasten the growth of extended reality (XR) in all its forms. Speaking of 5G …


PREDICTION #6 – 5G Networks launch, reveal their early media and tech promise and possibilities, and begin to transform our media and entertainment experiences (as well as the overall ecosystem that supports them).

5G networks are critical for media experiences that require low latency, including AR, VR, and eSports. For AR, 5G reduces the size of consumer headsets, because processing is now done on the network itself rather than on the device. That makes wearables increasingly user-friendly and fuels further innovation and adoption. 5G also accelerates more high-quality video consumption on our mobile phones, thereby pushing purveyors of premium OTT video like Netflix to increasingly focus on mobile-first content experiences.

Call this the “Amazon Effect,” as players across the Media 2.0 ecosystem stop scratching their heads about Amazon’s direct-to-theater film releases, brick and mortar retail expansion, and Whole Foods superstore operations – and, instead, increasingly study, respect and emulate them. Netflix certainly did in 2018. After trashing Amazon one year earlier for releasing its features first in theaters, Netflix announced it would begin to do the same.

Amazon understands what most still haven’t even considered – that direct, non-virtual offline consumer engagement may be the most impactful plank of them all, driving online engagement into the real world (and then back again) to create a virtual cycle of daily brand engagement and consumer monetization every step of the way. Even traditional media company Viacom now shows signs of understanding these online/offline brand synergies. It bought both youth-focused video industry conference VidCon and music festival SnowGlobe in 2018.

So, while MoviePass may go the way of the Dodo bird in 2019, movie theaters themselves will not die. They simply will be re-imagined. We humans, after all, are social creatures. We like to get out, and we won’t be satisfied binging on Netflix alone. Movie theater subscription services most definitely are here to stay, and Amazon will offer one soon for Prime members. After all, in a fun fact that may surprise you, more museums populate the planet – significantly more – than McDonald’s. See, there is hope!


PREDICTION #8 – The #MeToo Movement continues to transform the face (and faces) of both old and new media. And, new faces will invest new industry dollars in new (and frequently very different) content choices, bringing us new (and frequently different) stories and transforming our media and entertainment experiences.

Revelations aren’t over. Abuse was simply far too pervasive. Old players are gone. New, frequently younger, tech-driven media savvy faces get a seat at the decision-making table. They change the game of “what” and “how” we experience content.

Ultimately, #MeToo both cleanses the overall new media industry and fills our plates with very different media and entertainment choices.

PREDICTION #9 – Fake news, fraud and breaches of privacy continue unabated and accelerate, as does marketing concern for “brand safety.” These seemingly unstoppable negative forces continue to place downward pressure on ad-dependent open platforms.

Make no mistake, we are in the midst of hacking wars, the likes of which we’ve never seen. This “good versus evil” reality is here to stay, and players across the tech-driven media and entertainment ecosystem either significantly increase their investments in counter-measures and related PR, or risk the wrath of consumers and the overall ad market (much like Facebook did this past year).

Twitter cleaned 70 million fake and automated accounts in a two month span last year (and 1 million more daily), Instagram conceded that over 50% of engagements on its posts tagged as #sponsored are fake, Spotify similarly conceded prevalent ad fraud and decreased its total reported content hours streamed by hundreds of millions of hours, and competing music service Tidal faced accusations that it had falsified tens of millions of streams. Just a few examples of how pervasive fraud and audience manipulation has become in our Media 2.0 world. These fake accounts create, in the words of Variety, “a shadow army of followers that has comparatively little monetary effect. But perform the same manipulation with music streams, and it constitutes fraud.”

PREDICTION #10 – Blockchain technology and crypto-currency-fueled investment and experimentation, already over-hyped and under-performing, continues apace. Yet, once again, there will be little to show for it in the world of media and entertainment. At least for now.

Early blockchain leaders continue to be irrationally overvalued, which is always the case with any nascent market. But, on a happier note, the voice of blockchain technology – heard thus far mostly in investment circles with promises of “instant millions” (or even billions) – becomes increasingly heard for its more positive potential for the world of media and entertainment. Blockchain technology conceptually holds revolutionary industry-transforming new offensive and defensive power. On the offensive front, blockchain enables new ways to monetize content via micropayments and direct creator-to-consumer distribution sans today’s leading middlemen. These possibilities begin to reveal themselves in 2019. On the defensive front, blockchain promises to eradicate piracy, but that happens in years, not this coming year.

The bottom line

2019 certainly will push 2018’s Media 2.0 boundaries noticeably further, driven by these and other industry meta-forces. But, these changes will be barely noticeable compared to the seismic shifts to follow in the next ten years.

I close with Paramount futurist Ted Schilowitz’s perspective on all of this. In our conversation, Ted points to two phenomena — the first of which he calls “the known unknown,” and the second he calls “the ten-year curve.” “The known unknown” refers to what he calls the “scary” fact that we all know that massive tech-driven change is coming, but we don’t know the “twists and turns that get us there.” Meanwhile, “the ten-year curve” refers to “big dynamic change waves” that follow ten-year cycles. In Ted’s view, we just recently finished the YouTube and iPhone 10-year cycles, and now essentially everyone around the globe participates in those dual phenomena.

So, what’s “the next big thing?” Ted calls it “the evolution of the screen” – so-called “visual computing” via new forms of eyewear (wearables) that replace our smartphones. Think Minority Report-like data and content interaction, and you get the general idea. “Surprisingly little has changed with human/screen interaction in the past 30 years,” Ted points out. He reminds me that while user interfaces have become more sophisticated, actual screen interaction is not massively different — comparing interaction on Mac screens 30 years ago and on iPhones today.

That is all changing right now — as you sit, read and soak in Ted’s thoughts either in print or more likely on your own v.2019 screen. According to Ted, we are only about 3.5 years into this 10-year visual computing cycle. “In 2013-2014, we saw the first idea of commercializing a track-able screen, a spatial screen. That is a massive change. We will fundamentally change how we use our screens. I see a very distinct future where these things will emerge from their cocoon and replace the iPhone, laptop, etc. You will notice an evolution of 30 minutes per day, then one hour, then two hours, etc.”

Think that overstates things a bit? Well, Ted cautions you this way. “It’s the exact same paradigm shift we saw with mobile phones decades ago. Just imagine back then that you would – decades later (i.e. today) — carry a device with you almost every waking moment of your waking life. Even Bill Gates would have said that is ridiculous.”

Yet, here we are. Today. In that “unimaginable” world. That’s how fast it goes.

Ted is adamant about this inevitable “evolution of the screen” reality, and he is convincing. “I know the next evolution is coming. All of these experiments today are on their way to something really, really significant. 2019 will be very subtle in this revolution. Still for the early adopter, because none of these head-mounted immersive devices today will replace our smartphones. But the constant and continuous evolution of this tech is happening.